podcast
details
.com
Print
Share
Look for any podcast host, guest or anyone
Search
Showing episodes and shows of
Secplicity
Shows
The 443 - Security Simplified
Are TP-Link’s Days Numbered?
https://youtu.be/jVSMBcT3GnI This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.
2024-08-26
40 min
The 443 - Security Simplified
Leaking Every American’s SSN
https://youtu.be/wft_hpC-_Wo This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.
2024-08-20
36 min
The 443 - Security Simplified
Summer Camp 2024 Recap
https://youtu.be/0jX-2UYlf8Q This week on the podcast, we round out our takeaways from the Black Hat and Def Con security conferences in Las Vegas. We go through 4 talks across both conferences that were especially interesting either for nostalgia or modern impact.
2024-08-13
45 min
The 443 - Security Simplified
BlackHat 2024 Day 2 Recap
https://youtu.be/4IWdQ249z_M On this episode of the podcast, we have another recap from the BlackHat security conference in Las Vegas. This time we discuss a new initiative to protect the world from deepfakes, followed by a penetration testing engagement that proved immutable backups doesn't always mean available backups.
2024-08-10
35 min
The 443 - Security Simplified
BlackHat 2024 Day 1 Recap
https://youtu.be/cEiPjW_STUU On this episode of the podcast, we cover our two favorite briefings from the first day at the Black Hat security conference. We start with our thoughts on "shadow resources" in cloud environments before giving an update to last week's episode with additional research into AI-as-a-Service attacks.
2024-08-08
30 min
The 443 - Security Simplified
Stay Tuned for Hacker Summer Camp Recaps
https://youtu.be/PTm87MQS-Z8 This week we will be attending Hacker Summer camp in Las Vegas. We will be publishing a recap each day focusing on our key takeaways.
2024-08-06
00 min
The 443 - Security Simplified
CrowdStrike’s Incident Report
https://youtu.be/AMwgW11DT1c This week on the episode, we walk through CrowdStrike's preliminary post incident report to understand exactly what happened during the July 19th outage and what all software vendors can learn from the event. After that, we cover a clever plot that lead to KnowBe4 hiring a North Korean threat actor. We end with some research from Wiz on Artificial Intelligence tenant isolation.
2024-07-29
47 min
The 443 - Security Simplified
Global Security Outage
https://youtu.be/NgggZ_3ZBGg In this daily security byte with WatchGuard CSO, Corey Nachreiner, he explains the recent Global IT outage cause by a CrowdStrike update. We also follow-up on RockYou and the RockYou2024 data dump of 10 billion records
2024-07-20
54 min
The 443 - Security Simplified
Blast RADIUS
https://youtu.be/wozYlHlPPmE This week on the podcast we discover the newly-disclosed protocol vulnerability in certain RADIUS implementations. Before that, we give an update on the continued fallout from the Snowflake customer databreaches including a new disclosure from AT&T. We also discuss a blog post from JFrog that details how they saved the world from what could have been the worst supply chain attack in history.
2024-07-15
42 min
The 443 - Security Simplified
OpenSSH regreSSHion Vulnerability
https://youtu.be/p_zv9TEIZO0 This week on the podcast, we cover OpenSSH's recent critical vulnerability and what it means for systems administrators. Before that, we discuss the CDK Global ransomware attack impacting car dealerships across the us, a Korean internet service provider delivering malware to their customers, and a takeover of a popular JavaScript library gone hostile.
2024-07-02
45 min
The 443 - Security Simplified
Snowflake Breach Campaign
https://youtu.be/Pxh2VhwkHrE This week on the podcast we doscuss two issues from this month's Microsoft patch tuesday that deserve your attention. After that we discuss the recent data theft campain targeting Snowflake customers that has impacted over 100 organizations. We end the episode with an update on the hackers behind the MGM and Caesar's Entertainment breaches last year.
2024-06-24
35 min
The 443 - Security Simplified
Q1 2024 Internet Security Report
https://youtu.be/jE2m_BO_yyY This week on the podcast we cover the WatchGuard Threat Lab's Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world.
2024-06-17
52 min
The 443 - Security Simplified
Recall Windows Recall
https://youtu.be/jxnYFdY-3P0 This week on the podcast, we discuss a new Microsoft Windows feature that is shaping up to be a security nightmare. Before that, we discuss a new research initiative from the Advanced Research Projects Agency for Health (ARPA-H) that could make big improvements in healthcare cybersecurity.
2024-06-05
30 min
The 443 - Security Simplified
SSID Confusion Attacks
https://youtu.be/b_KBOKn1IPo This week on the podcast, we cover a newly disclosed weakness in the 802.11 Wi-Fi standard that affects common enterprise Wi-Fi deployments. Before that, we discuss CISA's Secure by Design Pledge for technology vendors before ending with a Microsoft research post on Quick Assist social engineering.
2024-05-23
55 min
The 443 - Security Simplified
Seattle Kraken IT Joins The 443 Podcast
https://youtu.be/uo9m0hHQua4 In a very special episode of #the443Podcast, WatchGuard Director of Security Operations, Marc Laliberte sits down with Seattle Kraken Cybersecurity Engineer, Ryan Willgues to discuss how Ryan got his start in IT, what it’s like working for an NHL franchise, how the Kraken have deployed WatchGuard’s Unified Security Platform, and much more.
2024-05-23
28 min
The 443 - Security Simplified
Picking Secure Technologies
https://youtu.be/SF_42g-BYzM This week on the podcast, we cover guidance from CISA and its international partners that guides organizations on the right questions to ask during the technology procurement process to make sure the products they buy are secure. Before that, we cover Microsoft's research into a common vulnerability impacting over 4 billion Android application installations followed by a discussion on the Tunnel Vision VPN vulnerability
2024-05-13
47 min
The 443 - Security Simplified
The 2024 Verizon DBIR
https://youtu.be/dwRG_wO0vgc This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty's congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.
2024-05-06
50 min
The 443 - Security Simplified
Cisco ArcaneDoor Attack
https://youtu.be/GnxViRW1A24 This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing tookit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.
2024-04-29
44 min
The 443 - Security Simplified
BatBadBut What?
https://youtu.be/3fX7LRXi74I This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.
2024-04-15
40 min
The 443 - Security Simplified
Bad Month for Software Supply Chains
https://youtu.be/0860ZmM1vgE This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.
2024-04-02
40 min
The 443 - Security Simplified
Trucking Worms
https://youtu.be/VqFnomsJzdA This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple's "un-patchable" vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.
2024-03-26
45 min
The 443 - Security Simplified
A Wild Month in Ransomware
https://youtu.be/iYM3y85hEkM This week on the podcast, we're joined by Ryan Estes, a member of WatchGuard's Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing two major Ransomware-as-a-Service operators that have had a pretty rough couple of weeks.
2024-03-11
29 min
The 443 - Security Simplified
Locking Up LockBit
https://youtu.be/GaX_8NOoq7w This week on the podcast, we cover an international law enforcement takedown of the LokBit ransomware group's infrastructure. After that, we cover a novel malware delivery vector involving an IoT "toy." We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.
2024-02-26
31 min
The 443 - Security Simplified
Flipping Out Over Flipper Zero
https://youtu.be/3SY1sDF-BA0 This week on the podcast we cover Canada's attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat bout a the impacts of artificial intelligence on data security. Menlo Report on Business AI Usage - https://info.menlosecurity.com/rs/281-OWV-899/images/How-employee-usage-of-generative-AI-is-impacting-security-posture.pdf?version=5
2024-02-20
47 min
The 443 - Security Simplified
Could a Toothbrush Botnet Happen?
https://youtu.be/VfKlq6DisLY This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ's latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving guidance on how to defend against Living-of-the-Land (LotL) attacks
2024-02-12
50 min
The 443 - Security Simplified
A Door in Apple’s Walled Garden
https://youtu.be/MY4TpiL76gY This week on the podcast, we cover Apple's recent announcement describing how they will comply with the European Union's new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a databreach at Mercedez-Benze thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti's remote Policy Secure and Connect Secure products and how organizations should respond.
2024-02-05
51 min
The 443 - Security Simplified
A Blizzard of Threats
https://youtu.be/fdAjMPAV6CM This week on the podcast, we cover two "Blizzard" threat actors targeting governments and private organizations. We also give an update to the SEC's compromised Twitter/X Account, and then end with a discussion of an EU program designed to improve their citizen's privacy while browsing the internet.
2024-01-29
37 min
The 443 - Security Simplified
Androxgh0st Analysis
https://youtu.be/jG3mwjCLpJQ This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.
2024-01-22
34 min
The 443 - Security Simplified
NIST Tackles Adversarial AI
https://youtu.be/3E_Ei9hgNzA This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.
2024-01-16
51 min
The 443 - Security Simplified
RIPE for the Taking
https://youtu.be/VK1QoxLP16Y This week, we cover a password compromise that lead to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader's court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft's research into a malware installation method that bypasses many security protections.
2024-01-08
37 min
The 443 - Security Simplified
Hacking the Crypto Supply Chain
https://youtu.be/YZLayuDJyyk This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets.
2023-12-19
38 min
The 443 - Security Simplified
Bluetooth Busted
https://youtu.be/sbc2U4WYrng This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss Logofail, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on Adobe ColdFusion exploits in the wild.
2023-12-13
36 min
The 443 - Security Simplified
Our 2024 Security Predictions
https://youtu.be/BHsow5qnmHw This week on the podcast we discuss our cybersecurity predictions for 2024. We'll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!
2023-12-04
55 min
The 443 - Security Simplified
Grading our 2023 Security Predictions
https://youtu.be/Eai8tYnU2I0 This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We'll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may not have yet.
2023-11-27
59 min
The 443 - Security Simplified
What to Expect from NIS2
https://youtu.be/RrKozKuhhcw This week on the podcast, we dive in to the EU's Network and Information Security directive update, aka NIS2. We'll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update to on the latest Scattered Spider threat actor activity followed by an update on LockBit's latest ransomware victims.
2023-11-20
50 min
The 443 - Security Simplified
Combined Cyber and Kinetic Warfare
https://youtu.be/GaTUPZ2RMK0 This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector.
2023-11-13
31 min
The 443 - Security Simplified
The White House Tackles AI
https://youtu.be/67SMv6JtJbc This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming the end of encryption as we know it.
2023-11-06
59 min
The 443 - Security Simplified
The Threat Actor That Hacked MGM
https://youtu.be/kvSA53ncRlg This week on the podcast, we review a thorough unmasking of Octa Tempest, the threat actor beind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that head to an implant installed on thousands of exposed devices. We round out the episode with an analysis of CitrixBleed, an information disclosure vulnerability in Citrix NetScaler that was just patched last week.
2023-10-30
49 min
The 443 - Security Simplified
CISA’s Secure by Design Whitepaper
https://youtu.be/GYoWiEKod38 This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.
2023-10-23
49 min
The 443 - Security Simplified
Microsoft is Killing NTLM
https://youtu.be/dSUkvBUDum4 This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that lead to the largest DDoS attack ever recorded by CloudFlare. After that, we discuss Microsoft's announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and Me before ending with a fun bit of research targeting private servers for the Grand Theft Auto Online video game.
2023-10-16
40 min
The 443 - Security Simplified
Q2 2023 Internet Security Report
https://youtu.be/NVvX02rwlEA This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We'll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organization globally before ending with defensive tips anyone can take back to their company.
2023-10-09
49 min
The 443 - Security Simplified
Bing Chat Malvertising
https://youtu.be/Io_lubfJgKE This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing's ChatGTP integration. We then end with an analysis of North Korea's Lazarus group's latest social engineering techniques.
2023-10-03
30 min
The 443 - Security Simplified
Meta’ One Good Deed
https://youtu.be/Yo5GO14F5N0 This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta's application security team for their VR headsets. After that, we cover Microsoft's analysis of an ATP's pivot from email to another form of phishing.
2023-09-18
42 min
The 443 - Security Simplified
iPhone’s Latest 0-Day
https://youtu.be/UwuG1U1fZhE This week on the podcast, we cover Microsoft's final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.
2023-09-11
39 min
The 443 - Security Simplified
The Qakbot Takedown
https://youtu.be/NLO0DYuTZp4 This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.
2023-09-05
52 min
The 443 - Security Simplified
Weaponizing WinRAR
https://youtu.be/BVbVwm0dMgg This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn't actually use AI.
2023-08-28
28 min
The 443 - Security Simplified
U.S. Cyber Trust Mark
https://youtu.be/Drx3kF3sllQ This week on the podcast we cover the FCC's proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.
2023-08-21
52 min
The 443 - Security Simplified
Def Con 2023 Recap
https://youtu.be/LldPfSZY0uU On this week's episode, we chat about some of our favorite talks from this year's Def Con security conference. We'll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn't be about cyber warfare.
2023-08-14
53 min
The 443 - Security Simplified
BlackHat 2023 Recap
https://youtu.be/ltW3DQVrZ28 In this special end-of-week episode of The 443, we cover some of our favorite talks from this year's edition of the BlackHat cybersecurity conference in Las Vegas. We'll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.
2023-08-11
58 min
The 443 - Security Simplified
What Is Same-Origin Policy? Replay
https://youtu.be/Gfvg7dywu8A This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year's Black Hat and Def Con cybersecurity conferences!
2023-08-08
40 min
The 443 - Security Simplified
Qakbot Qacktivity
https://youtu.be/FZKalGbK90A This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC's new rules around mandatory security disclosure. We then end by reviewing CISA's analysis of Risk and Vulnerability Assessments they completed for their constituents in 2022.
2023-07-31
35 min
The 443 - Security Simplified
Red Teaming AI Systems
https://youtu.be/GzZkXckK3Nk This week on the podcast, we give an update on last week's discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.
2023-07-24
36 min
The 443 - Security Simplified
New Microsoft Office 0-Day
https://youtu.be/I-RjOTEJwZ0 This week on the podcast we cover two stories that came out of Microsoft's July Patch Tuesday. The first involves an incident within Microsoft that lead to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains unpatched.
2023-07-17
32 min
The 443 - Security Simplified
Q1 2023 Internet Security Report
https://youtu.be/wXqymd_pLOU This week on the podcast, we cover WatchGuard Threat Lab's Internet Security Report for Q1 2023. Throughout the episode, we'll discuss the key trends for cyber threats impacting small and midsize organizations globally including the top malware and network attach detections as well as a look specifically at the endpoint. We round out the episode with key defensive takeaways you can take back to your organization to defend against these threats.
2023-07-03
54 min
The 443 - Security Simplified
RepoJacking
https://youtu.be/DYam7E96dgc On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.
2023-06-27
38 min
The 443 - Security Simplified
Minecraft Mod Malware
https://youtu.be/KOBaZcDg0tY This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).
2023-06-12
52 min
The 443 - Security Simplified
How Not to Update Software
https://youtu.be/PZWaRaguDTI This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte's decision to rootkit their own motherboards before ending with a new macOS vulnerability.
2023-06-05
37 min
The 443 - Security Simplified
Naming APTs
https://youtu.be/loUDfzGTaiE This week on the podcast, we cover Microsoft's latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.
2023-05-29
40 min
The 443 - Security Simplified
TikTok is Banned, Kind Of
https://youtu.be/W57_CpRSFEA This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight a new phishing-as-a-service (PaaS) platform that has yet again lowered the barrier for executing sophisticated attacks.
2023-05-23
49 min
The 443 - Security Simplified
An Interview with ChatGPT
https://youtu.be/-asU7Sd24gg This week on the podcast, Marc kick's Corey off the podcast and interview's ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.
2023-05-16
38 min
The 443 - Security Simplified
Securing Healthcare Tech
https://youtu.be/PoEXinvhMVQ This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.
2023-05-08
47 min
The 443 - Security Simplified
Rustbuckets and Papercuts
This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.
2023-05-01
42 min
The 443 - Security Simplified
MSPs Around the World – Americas
This week's podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where we explore similar questions around the world.
2023-04-24
49 min
The 443 - Security Simplified
Zero Trust Maturity Model 2.0
https://youtu.be/vzTpECddZRg This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game. You can view more information on the CISA guidance as well as Blaze...
2023-04-17
53 min
The 443 - Security Simplified
Operation Cookie Monster
This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft's attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend's Toyota Rav4. You can view Dr. Ken Tindell's full blog post here: https://kentindell.github.io/2023/04/03/can-injection/
2023-04-10
48 min
The 443 - Security Simplified
Another Software Supply Chain Attack
This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.
2023-04-04
29 min
The 443 - Security Simplified
The NSA’s Guidance on Securing Authentication
This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.
2023-03-27
40 min
The 443 - Security Simplified
An Update on Section 230
On this week's episode we look back to our initial monologue on Section 230 protections that allow the social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent supreme court case that has the potential to dramatically impact the internet as we know it.
2023-03-20
41 min
The 443 - Security Simplified
Here Come The Regulations
On today's episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House's National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We'll also cover the latest in nation state activity targeting network connectivity appliances and end with some fun research into an oldie but goodie video game system.
2023-03-13
46 min
The 443 - Security Simplified
US National Cybersecurity Strategy
This week's episode is all about the White House's recently released National Cybersecurity Strategy. We'll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.
2023-03-07
1h 10
The 443 - Security Simplified
Cybersecurity’s Toll on Mental Health
This week on the episode we have a discussion about stress related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0click exploit protection from Samsung, the latest update on GoDaddy's security woes, and Twitters latest erratic move.
2023-02-27
53 min
The 443 - Security Simplified
Successfully Prosecuting a Russian Hacker
In today's episode, we discuss a recent court case resulting in the succesful conviction of a Russian national tied to breaking in to several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware activity.
2023-02-22
29 min
The 443 - Security Simplified
Live Audience MSP Q&A Panel
On this week's very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts for a Q&A panel in front of a live audience! We'll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do to be a more appealing partner.
2023-02-14
1h 16
The 443 - Security Simplified
What is CVSS?
This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT's usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.
2023-02-07
52 min
The 443 - Security Simplified
CISA Warns of Weaponized RMM Software
On today's episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RRM software and the second giving guidance to K-12 on how to address cybersecurity concerns.
2023-01-31
49 min
The 443 - Security Simplified
Report Roundup
This week on the podcast, we cover key findings from three individual reports published last week. In the first report we'll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we'll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen payment card information.
2023-01-23
46 min
The 443 - Security Simplified
The RCE Vulnerability That Wasn’t
This week on the podcast we cover a recently-disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update to weaponizing ChatGPT, the currently free Artificial Intelligence chat bot that has made waves since it's release in November. We round out the episode with a wave farewell to Windows 7 and Windows 8.1 and what the end of extended support means for businesses.
2023-01-17
39 min
The 443 - Security Simplified
Reviving a Dead Botnet
This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.
2023-01-10
45 min
The 443 - Security Simplified
Q3 2022 Internet Security Report
This week on the podcast we discuss key findings from the WatchGuard Threat Lab's Q3 2022 Internet Security Report. We'll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe. [PowerPress]
2023-01-03
32 min
The 443 - Security Simplified
2023 Security Predictions
It's that time of year for us to discuss the WatchGuard Threat Lab's 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn't make the cut as well as some defensive strategies to try and help stop them from coming true.
2022-12-20
47 min
The 443 - Security Simplified
Apple’s New Privacy Expansion
This week on the podcast, we cover Apple's latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.
2022-12-13
50 min
The 443 - Security Simplified
Hacking Hyundai
On this week's episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models' doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it's different from previous ones we've seen. We end with a discussion on the latest 'custom security solution' vendor selling spyware tools for profit.
2022-12-06
44 min
The 443 - Security Simplified
CISA Incident Response Learnings
On today's episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use a software component that hasn't received updates in 17 years.
2022-11-29
35 min
The 443 - Security Simplified
Attack Surface Management
This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.
2022-11-21
37 min
The 443 - Security Simplified
2022 Cybersecurity Predictions Recap
This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we'll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. As mentioned on the episode, several WatchGuard employees are participating in "Mo-vember" to raise awareness and contributions for men's health charities. Check out our page, and Corey's amazing mustache, at - https://nl.movember.com/en/team/2435885
2022-11-14
42 min
The 443 - Security Simplified
Why OpenSSL Downgraded Their Vulnerability
On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6 year streak of no critical issues continues. After that, we dive back in to election security and the hacking activity that could have the most impact. We end with an update from Apple on their security program and making vulnerability research more accessible.
2022-11-07
43 min
The 443 - Security Simplified
CISA’s Cybersecurity Performance Goals
This week on the podcast we cover CISA's freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post from Microsoft on the evolution of an interesting malware campaign.
2022-10-31
38 min
The 443 - Security Simplified
Ransomware TTPs Deep Dive
This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.
2022-10-26
31 min
The 443 - Security Simplified
Cyber Energy Star
This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.
2022-10-17
35 min
The 443 - Security Simplified
Q2 Threats and Guilty CSOs
This week on the podcast, we focus on highlighting WatchGuard's Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the UBER CSO trial, and a warning about the recent zero day Exchange exploit that some call ProxyNotShell. This week's episode is a long one, so grab a fresh coffee and listen during a long walk or drive.
2022-10-12
1h 30
The 443 - Security Simplified
Optus Opts Out of PII Protection
This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI was able to catch and arrest an ex-NSA insider trying to sell sensitive national security data to a supposed Russian adversary. Or watch the video version here.
2022-10-03
50 min
The 443 - Security Simplified
An Uber Hack
This week on the podcast, we cover Uber's most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole is trying to reshape relationships with the private sector.
2022-09-28
45 min
The 443 - Security Simplified
Are CISOs Legally Accountable for Security?
This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive in to a novel command and control (C2) method as well as the latest commoditization of a sophisticated cyber attack technique.
2022-09-14
47 min
The 443 - Security Simplified
A Day in the Life of a Malware Analyst
This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGauard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get in to malware analytics, popular tools to help with the task, and resources anyone can follow to build up skills.
2022-09-06
30 min
The 443 - Security Simplified
The Twitter Thing
This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.
2022-08-29
33 min
The 443 - Security Simplified
2022 Black Hat and Def Con Recap
This week on the podcast we review our time at this year's Black Hat and Def Con cybersecurity conferences in Las Vegas. We'll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.
2022-08-22
53 min
The 443 - Security Simplified
Hacker Summer Camp 2022
This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we'll discuss the briefings and panels we're most excited to see and what we hope to get out of them. If you're not able to attend either conference in person this year, be sure to watch the Def Con Youtube channel for recordings! Also, check out our capture the flag contest at WGCTF.com!
2022-08-09
36 min
The 443 - Security Simplified
Private Sector Offensive Actors
This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft's efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM and the Ponemon Institute's Cost of a Breach Report for 2022.
2022-08-02
35 min
The 443 - Security Simplified
USA’s Answer to GDPR
This week on the podcast, we discuss the current cyber skills gab and a federal program designed to help combat it. After that, we dive in to the American Data Privacy protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft's attempts to protect users from malicious macro-enabled documents.
2022-07-25
37 min
The 443 - Security Simplified
Biohacking Part 1
This week on The 443 – Security Simplified, we cover the latest news including downtime for Facebook, a new IoT security bill making its way through congress, and the latest on nation-state hacking. Then, we begin the first of several episodes on the topic of biohacking. We start the series with a general overview of what biohacking is from cybernetic implants to DIY home-gene splicing. We’ll cover its origins, its future, and where it’s at right now with different subgroups of human biohacking. If there is a specific topic in biohacking that you would like us to cover in this series...
2019-03-18
33 min